Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 1714 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What to do with virus's??

DJ

Hello, we are having a bit of issues with some virus's on some pcs. 
We have setup our policy as recomended by our sophos trainer so on detection of a virus sophos AV just blocks access and does not automatically delete the virus. (to allow false positives etc),

We now have around 50 pcs in the console with random virus's like below...

20/09/2010 05:03:55  Virus/spyware  Mal/Iframe-F                  C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\WIFM3FC2\novelty[1].htm

and 

22/09/2010 11:00:37  Virus/spyware  Not cleanable  W32/VB-CVP                    C:\fun.xls.exe      

We need to delete these files from their machines now we have checked that they are not random false positives. Is there anyway to get sophos to delete them from the console? The only option I get is clean and acknowledge, clean fails and I dont just want to acknowledge it! . 

Hope that makes sense! 

Dave J

:5146


This thread was automatically locked due to age.
Parents
  • 0

    If cleanup fails and you don't get a corresponding (meaningful) error message in SEC check the client's anti-virus log (SAV.txt). The .htm-files, for example, might no longer exist at the time you request the cleanup. It also makes a difference whether you scan on write or not. 

    Please see also removing viruses over a network (as suggested in the analysis for W32/VB-CVP). Newer identities support the Full scan required indicator (together with the necessary cleanup actions) but I assume (just my personal assumption) that older ones with low prevalence are not updated.

    Christian

    :5148
Reply
  • 0

    If cleanup fails and you don't get a corresponding (meaningful) error message in SEC check the client's anti-virus log (SAV.txt). The .htm-files, for example, might no longer exist at the time you request the cleanup. It also makes a difference whether you scan on write or not. 

    Please see also removing viruses over a network (as suggested in the analysis for W32/VB-CVP). Newer identities support the Full scan required indicator (together with the necessary cleanup actions) but I assume (just my personal assumption) that older ones with low prevalence are not updated.

    Christian

    :5148
Children
No Data